\chapter{Introduction}
\label{cha:intro}



Implementation of Secure systems requires that it runs on top of a secure base which does not have any bugs. Software today have many bugs in them \cite{vuls}. The presence of bugs provide a means for attackers to gain access to one process and then it can lead to the compromise of the whole system.
The modern Operating Systems have a Huge code base due to its complexity and immense functionality, therefore it provides the ability to have exploitable bugs in them.
Exploiting these vulnerabilities gives the attackers access to the system and in turn allows the modification of OS kernel and System utilities leading to compromising the integrity of systems. Ones the OS is compromised none of the applications which run on top of it can be trusted.
Any security intense system implemented on these bug filled operating systems have the ability to get compromised, due to the insecure base that it will be running on.

Detecting a compromise has become a challenge as the attackers have new techniques to hide their presence on the systems. Intrusion detection and prevention systems too need to be secured so that it cannot be exploited. 

Host based IDS provide the visibility into the Monitored Host Machine to effectively detect intrusive activities, yet a attack on the host will open up the IDS for attack and later making the IDS untrustable.
To solve this the IDS can be placed away from the monitored host to protect it from attack (as a NIDS). This approach would not give it the visibility to properly detect what's happening on the Host being Monitored.

The computer architectures available today doesn't allow a completely secure and fully thrustable Intrusion Detection Systems implementation. This being that more the Visibility into the Activities of the Monitored Host, the more it will put the IDS into risk of Attack. Making lesser the risk of getting attacked by putting it away from the Host decreases the ability to monitor activities on the Monitored Host. 

Because of the above mentioned conflicting requirements it is essential to have a architecture to provide both these conflicting requirements. Virtualization has the ability to provide the  properties of Isolation,  Inspection and Interposition  needed to deploy this new architecture needed by the secure services \cite{HypID} , \cite{garfinkel:vmi}.

In this survey i will be discussing the conventional IDS systems available at the moment, the kinds of attacks they need to prevent. Also about Virtualization the main twister that allows the discussing of the new Secure Architecture, and the properties it provides for Intrusion Detection System implementation.







\section{Organization of the report}
In this Survey I identify the approaches available to detect and prevent Intrusive activities by a Intrusion Detection System based on Virtualization Technology.

In the First few Chapters I will be presenting the underlying Systems available at the moment which are of use to implement the Proposed Intrusion Detection System. I will be discussing the Intrusion Detection Systems that are available at the moment, the reason why they cannot be fully Trusted, the kinds of attacks the Intrusion Detection Systems Detect.
Then the most important technology which makes this new approach to providing security possible which is Virtualization will be introduced. Then I will discuss how Virtualization can be used for providing the base for a Perfect Intrusion Detection System.
The way in which the properties of Inspection, Interposition can be introduced to the virtualization techniques, and how the Intrusive activities can be Detected by using Inspections and Interposition.
Finally the features that are available from the Open Source Hypervisor XEN which would enable a implementation of a Secure Intrusion Detection System.
















